Palo Alto Networks warns attackers are building economies of scale by conducting more efficient operations and complementing their skills with commercially available tools.

Hackers spammed the npm repository with more than 15,000 packages in the hope of distributing phishing links. Hackers created these packages using automated processes, through auto-generated names and project descriptions that closely resembled one another. The bogus modules had names like “free-tiktok-followers,” “free-xbox-codes,” and “instagram-followers-free.”

A mysterious and unidentified group of hackers has sought to paralyze the computer networks of almost 5,000 victims across the US and Europe, in one of the most widespread ransomware attacks on record.

The Asia-Pacific region retained the top spot as the “most attacked” region in 2022 for the second consecutive year, accounting for 31 percent of all cybersecurity incidents remediated worldwide, a new report by IBM X-Force revealed on Wednesday.

Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023.

The European Union’s executive branch said Thursday that it has temporarily banned TikTok from phones used by employees as a cybersecurity measure, reflecting widening worries from Western officials over the Chinese-owned video sharing app.

Google patched a critical remote code execution bug in its Chrome web browser Wednesday that allows an attacker to install malware on a victim’s system simply by tricking them to visit a malicious site.

The previously unreported hack — which a source familiar with the incident said was ransomware — led some grocery shoppers to complain on Facebook in recent days that store shelves were missing Dole-made salad kits.

The increasing use of open-source packages in application development also creates a path for threat groups that want to use the software supply chain as a backdoor to myriad targets that depend on it.

Hydrochasma, the threat actor behind this campaign, has not been linked to any previously identified group, but appears to have a possible interest in industries that may be involved in COVID-19-related treatments or vaccines.